Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 863f16fd627787466d99b44386e586bb797a7f10 / . / keystore / IKeystoreService.cpp
blob: 78e36a8ae6df7986b95bab39484ae31fec072419 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]58status_t OperationResult::readFromParcel(const Parcel* inn) {
59 const Parcel& in = *inn;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]60 resultCode = in.readInt32();
61 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]62 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]63 inputConsumed = in.readInt32();
64 ssize_t length = in.readInt32();
65 dataLength = 0;
66 if (length > 0) {
67 const void* buf = in.readInplace(length);
68 if (buf) {
69 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
70 if (data.get()) {
71 memcpy(data.get(), buf, length);
72 dataLength = (size_t) length;
73 } else {
74 ALOGE("Failed to allocate OperationResult buffer");
75 }
76 } else {
77 ALOGE("Failed to readInplace OperationResult data");
78 }
79 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]80 outParams.readFromParcel(in);
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]81 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]82}
83
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]84status_t OperationResult::writeToParcel(Parcel* out) const {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]85 out->writeInt32(resultCode);
86 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]87 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]88 out->writeInt32(inputConsumed);
89 out->writeInt32(dataLength);
90 if (dataLength && data) {
91 void* buf = out->writeInplace(dataLength);
92 if (buf) {
93 memcpy(buf, data.get(), dataLength);
94 } else {
95 ALOGE("Failed to writeInplace OperationResult data.");
96 }
97 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]98 outParams.writeToParcel(out);
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]99 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]100}
101
102ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
103}
104
105ExportResult::~ExportResult() {
106}
107
Bin Chen96d62712016-08-25 14:41:53 +1000[diff] [blame]108status_t ExportResult::readFromParcel(const Parcel* inn) {
109 const Parcel& in = *inn;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]110 resultCode = in.readInt32();
111 ssize_t length = in.readInt32();
112 dataLength = 0;
113 if (length > 0) {
114 const void* buf = in.readInplace(length);
115 if (buf) {
116 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
117 if (exportData.get()) {
118 memcpy(exportData.get(), buf, length);
119 dataLength = (size_t) length;
120 } else {
121 ALOGE("Failed to allocate ExportData buffer");
122 }
123 } else {
124 ALOGE("Failed to readInplace ExportData data");
125 }
126 }
Bin Chen96d62712016-08-25 14:41:53 +1000[diff] [blame]127 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]128}
129
Bin Chen96d62712016-08-25 14:41:53 +1000[diff] [blame]130status_t ExportResult::writeToParcel(Parcel* out) const {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]131 out->writeInt32(resultCode);
132 out->writeInt32(dataLength);
133 if (exportData && dataLength) {
134 void* buf = out->writeInplace(dataLength);
135 if (buf) {
136 memcpy(buf, exportData.get(), dataLength);
137 } else {
138 ALOGE("Failed to writeInplace ExportResult data.");
139 }
140 }
Bin Chen96d62712016-08-25 14:41:53 +1000[diff] [blame]141 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]142}
143
144KeymasterArguments::KeymasterArguments() {
145}
146
147KeymasterArguments::~KeymasterArguments() {
148 keymaster_free_param_values(params.data(), params.size());
149}
150
151void KeymasterArguments::readFromParcel(const Parcel& in) {
152 ssize_t length = in.readInt32();
153 size_t ulength = (size_t) length;
154 if (length < 0) {
155 ulength = 0;
156 }
157 keymaster_free_param_values(params.data(), params.size());
158 params.clear();
159 for(size_t i = 0; i < ulength; i++) {
160 keymaster_key_param_t param;
161 if (!readKeymasterArgumentFromParcel(in, &param)) {
162 ALOGE("Error reading keymaster argument from parcel");
163 break;
164 }
165 params.push_back(param);
166 }
167}
168
169void KeymasterArguments::writeToParcel(Parcel* out) const {
170 out->writeInt32(params.size());
171 for (auto param : params) {
172 out->writeInt32(1);
173 writeKeymasterArgumentToParcel(param, out);
174 }
175}
176
177KeyCharacteristics::KeyCharacteristics() {
178 memset((void*) &characteristics, 0, sizeof(characteristics));
179}
180
181KeyCharacteristics::~KeyCharacteristics() {
182 keymaster_free_characteristics(&characteristics);
183}
184
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]185status_t KeyCharacteristics::readFromParcel(const Parcel* inn) {
186 const Parcel& in = *inn;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]187 size_t length = 0;
188 keymaster_key_param_t* params = readParamList(in, &length);
189 characteristics.sw_enforced.params = params;
190 characteristics.sw_enforced.length = length;
191
192 params = readParamList(in, &length);
193 characteristics.hw_enforced.params = params;
194 characteristics.hw_enforced.length = length;
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]195 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]196}
197
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]198status_t KeyCharacteristics::writeToParcel(Parcel* out) const {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]199 if (characteristics.sw_enforced.params) {
200 out->writeInt32(characteristics.sw_enforced.length);
201 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
202 out->writeInt32(1);
203 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
204 }
205 } else {
206 out->writeInt32(0);
207 }
208 if (characteristics.hw_enforced.params) {
209 out->writeInt32(characteristics.hw_enforced.length);
210 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
211 out->writeInt32(1);
212 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
213 }
214 } else {
215 out->writeInt32(0);
216 }
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]217 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]218}
219
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]220KeymasterCertificateChain::KeymasterCertificateChain() {
221 memset(&chain, 0, sizeof(chain));
222}
223
224KeymasterCertificateChain::~KeymasterCertificateChain() {
225 keymaster_free_cert_chain(&chain);
226}
227
228static bool readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
229 if (in.readInt32() != 1) {
230 return false;
231 }
232
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]233 ssize_t length = in.readInt32();
234 if (length <= 0) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]235 return false;
236 }
237
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]238 blob->data = reinterpret_cast<const uint8_t*>(malloc(length));
239 if (!blob->data)
240 return false;
241
242 const void* buf = in.readInplace(length);
243 if (!buf)
244 return false;
245
246 blob->data_length = static_cast<size_t>(length);
247 memcpy(const_cast<uint8_t*>(blob->data), buf, length);
248
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]249 return true;
250}
251
252void KeymasterCertificateChain::readFromParcel(const Parcel& in) {
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]253 keymaster_free_cert_chain(&chain);
254
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]255 ssize_t count = in.readInt32();
256 size_t ucount = count;
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]257 if (count <= 0) {
258 return;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]259 }
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]260
261 chain.entries = reinterpret_cast<keymaster_blob_t*>(malloc(sizeof(keymaster_blob_t) * ucount));
262 if (!chain.entries) {
263 ALOGE("Error allocating memory for certificate chain");
264 return;
265 }
266
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]267 memset(chain.entries, 0, sizeof(keymaster_blob_t) * ucount);
268 for (size_t i = 0; i < ucount; ++i) {
269 if (!readKeymasterBlob(in, &chain.entries[i])) {
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]270 ALOGE("Error reading certificate from parcel");
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]271 keymaster_free_cert_chain(&chain);
272 return;
273 }
274 }
275}
276
277void KeymasterCertificateChain::writeToParcel(Parcel* out) const {
278 out->writeInt32(chain.entry_count);
279 for (size_t i = 0; i < chain.entry_count; ++i) {
280 if (chain.entries[i].data) {
281 out->writeInt32(1); // Tell Java side that object is not NULL
282 out->writeInt32(chain.entries[i].data_length);
283 void* buf = out->writeInplace(chain.entries[i].data_length);
284 if (buf) {
285 memcpy(buf, chain.entries[i].data, chain.entries[i].data_length);
286 } else {
287 ALOGE("Failed to writeInplace keymaster cert chain entry");
288 }
289 } else {
290 out->writeInt32(0); // Tell Java side this object is NULL.
291 ALOGE("Found NULL certificate chain entry");
292 }
293 }
294}
295
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]296void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
297 switch (keymaster_tag_get_type(param.tag)) {
298 case KM_ENUM:
299 case KM_ENUM_REP: {
300 out->writeInt32(param.tag);
301 out->writeInt32(param.enumerated);
302 break;
303 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]304 case KM_UINT:
305 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]306 out->writeInt32(param.tag);
307 out->writeInt32(param.integer);
308 break;
309 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]310 case KM_ULONG:
311 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]312 out->writeInt32(param.tag);
313 out->writeInt64(param.long_integer);
314 break;
315 }
316 case KM_DATE: {
317 out->writeInt32(param.tag);
318 out->writeInt64(param.date_time);
319 break;
320 }
321 case KM_BOOL: {
322 out->writeInt32(param.tag);
323 break;
324 }
325 case KM_BIGNUM:
326 case KM_BYTES: {
327 out->writeInt32(param.tag);
328 out->writeInt32(param.blob.data_length);
329 void* buf = out->writeInplace(param.blob.data_length);
330 if (buf) {
331 memcpy(buf, param.blob.data, param.blob.data_length);
332 } else {
333 ALOGE("Failed to writeInplace keymaster blob param");
334 }
335 break;
336 }
337 default: {
338 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
339 }
340 }
341}
342
343
344bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
345 if (in.readInt32() == 0) {
346 return false;
347 }
348 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
349 switch (keymaster_tag_get_type(tag)) {
350 case KM_ENUM:
351 case KM_ENUM_REP: {
352 uint32_t value = in.readInt32();
353 *out = keymaster_param_enum(tag, value);
354 break;
355 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]356 case KM_UINT:
357 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]358 uint32_t value = in.readInt32();
359 *out = keymaster_param_int(tag, value);
360 break;
361 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]362 case KM_ULONG:
363 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]364 uint64_t value = in.readInt64();
365 *out = keymaster_param_long(tag, value);
366 break;
367 }
368 case KM_DATE: {
369 uint64_t value = in.readInt64();
370 *out = keymaster_param_date(tag, value);
371 break;
372 }
373 case KM_BOOL: {
374 *out = keymaster_param_bool(tag);
375 break;
376 }
377 case KM_BIGNUM:
378 case KM_BYTES: {
379 ssize_t length = in.readInt32();
380 uint8_t* data = NULL;
381 size_t ulength = 0;
382 if (length >= 0) {
383 ulength = (size_t) length;
384 // use malloc here so we can use keymaster_free_param_values
385 // consistently.
386 data = reinterpret_cast<uint8_t*>(malloc(ulength));
387 const void* buf = in.readInplace(ulength);
388 if (!buf || !data) {
389 ALOGE("Failed to allocate buffer for keymaster blob param");
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]390 free(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]391 return false;
392 }
393 memcpy(data, buf, ulength);
394 }
395 *out = keymaster_param_blob(tag, data, ulength);
396 break;
397 }
398 default: {
399 ALOGE("Unsupported keymaster_tag_t %d", tag);
400 return false;
401 }
402 }
403 return true;
404}
405
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]406/**
407 * Read a byte array from in. The data at *data is still owned by the parcel
408 */
409static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
410 ssize_t slength = in.readInt32();
411 if (slength > 0) {
412 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
413 if (*data) {
414 *length = static_cast<size_t>(slength);
415 } else {
416 *length = 0;
417 }
418 } else {
419 *data = NULL;
420 *length = 0;
421 }
422}
423
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]424// Read a keymaster_key_param_t* from a Parcel for use in a
425// keymaster_key_characteristics_t. This will be free'd by calling
426// keymaster_free_key_characteristics.
427static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
428 ssize_t slength = in.readInt32();
429 *length = 0;
430 if (slength < 0) {
431 return NULL;
432 }
433 *length = (size_t) slength;
434 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
435 return NULL;
436 }
437 keymaster_key_param_t* list =
438 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
439 sizeof(keymaster_key_param_t)));
440 if (!list) {
441 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
442 goto err;
443 }
444 for (size_t i = 0; i < *length ; i++) {
445 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
446 ALOGE("Failed to read keymaster argument");
447 keymaster_free_param_values(list, i);
448 goto err;
449 }
450 }
451 return list;
452err:
453 free(list);
454 return NULL;
455}
456
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]457static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]458 std::unique_ptr<keymaster_blob_t> blob (new keymaster_blob_t);
459 if (!readKeymasterBlob(in, blob.get())) {
460 blob.reset();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]461 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]462 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]463}
464
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]465class BpKeystoreService: public BpInterface<IKeystoreService>
466{
467public:
Chih-Hung Hsiehd3bccc82016-04-25 12:11:44 -0700[diff] [blame]468 explicit BpKeystoreService(const sp<IBinder>& impl)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]469 : BpInterface<IKeystoreService>(impl)
470 {
471 }
472
473 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]474 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]475 {
476 Parcel data, reply;
477 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]478 data.writeInt32(userId);
479 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]480 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]481 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]482 return -1;
483 }
484 int32_t err = reply.readExceptionCode();
485 int32_t ret = reply.readInt32();
486 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]487 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]488 return -1;
489 }
490 return ret;
491 }
492
493 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
494 {
495 Parcel data, reply;
496 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
497 data.writeString16(name);
498 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
499 if (status != NO_ERROR) {
500 ALOGD("get() could not contact remote: %d\n", status);
501 return -1;
502 }
503 int32_t err = reply.readExceptionCode();
504 ssize_t len = reply.readInt32();
505 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
506 size_t ulen = (size_t) len;
507 const void* buf = reply.readInplace(ulen);
508 *item = (uint8_t*) malloc(ulen);
509 if (*item != NULL) {
510 memcpy(*item, buf, ulen);
511 *itemLength = ulen;
512 } else {
513 ALOGE("out of memory allocating output array in get");
514 *itemLength = 0;
515 }
516 } else {
517 *itemLength = 0;
518 }
519 if (err < 0) {
520 ALOGD("get() caught exception %d\n", err);
521 return -1;
522 }
523 return 0;
524 }
525
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]526 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
527 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]528 {
529 Parcel data, reply;
530 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
531 data.writeString16(name);
532 data.writeInt32(itemLength);
533 void* buf = data.writeInplace(itemLength);
534 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]535 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]536 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]537 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
538 if (status != NO_ERROR) {
539 ALOGD("import() could not contact remote: %d\n", status);
540 return -1;
541 }
542 int32_t err = reply.readExceptionCode();
543 int32_t ret = reply.readInt32();
544 if (err < 0) {
545 ALOGD("import() caught exception %d\n", err);
546 return -1;
547 }
548 return ret;
549 }
550
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]551 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]552 {
553 Parcel data, reply;
554 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
555 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]556 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]557 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
558 if (status != NO_ERROR) {
559 ALOGD("del() could not contact remote: %d\n", status);
560 return -1;
561 }
562 int32_t err = reply.readExceptionCode();
563 int32_t ret = reply.readInt32();
564 if (err < 0) {
565 ALOGD("del() caught exception %d\n", err);
566 return -1;
567 }
568 return ret;
569 }
570
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]571 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]572 {
573 Parcel data, reply;
574 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
575 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]576 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]577 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
578 if (status != NO_ERROR) {
579 ALOGD("exist() could not contact remote: %d\n", status);
580 return -1;
581 }
582 int32_t err = reply.readExceptionCode();
583 int32_t ret = reply.readInt32();
584 if (err < 0) {
585 ALOGD("exist() caught exception %d\n", err);
586 return -1;
587 }
588 return ret;
589 }
590
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]591 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]592 {
593 Parcel data, reply;
594 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]595 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]596 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]597 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]598 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]599 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]600 return -1;
601 }
602 int32_t err = reply.readExceptionCode();
603 int32_t numMatches = reply.readInt32();
604 for (int32_t i = 0; i < numMatches; i++) {
605 matches->push(reply.readString16());
606 }
607 int32_t ret = reply.readInt32();
608 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]609 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]610 return -1;
611 }
612 return ret;
613 }
614
615 virtual int32_t reset()
616 {
617 Parcel data, reply;
618 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
619 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
620 if (status != NO_ERROR) {
621 ALOGD("reset() could not contact remote: %d\n", status);
622 return -1;
623 }
624 int32_t err = reply.readExceptionCode();
625 int32_t ret = reply.readInt32();
626 if (err < 0) {
627 ALOGD("reset() caught exception %d\n", err);
628 return -1;
629 }
630 return ret;
631 }
632
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]633 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]634 {
635 Parcel data, reply;
636 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]637 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]638 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]639 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
640 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]641 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]642 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]643 return -1;
644 }
645 int32_t err = reply.readExceptionCode();
646 int32_t ret = reply.readInt32();
647 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]648 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]649 return -1;
650 }
651 return ret;
652 }
653
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]654 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]655 {
656 Parcel data, reply;
657 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]658 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]659 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
660 if (status != NO_ERROR) {
661 ALOGD("lock() could not contact remote: %d\n", status);
662 return -1;
663 }
664 int32_t err = reply.readExceptionCode();
665 int32_t ret = reply.readInt32();
666 if (err < 0) {
667 ALOGD("lock() caught exception %d\n", err);
668 return -1;
669 }
670 return ret;
671 }
672
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]673 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]674 {
675 Parcel data, reply;
676 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]677 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]678 data.writeString16(password);
679 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
680 if (status != NO_ERROR) {
681 ALOGD("unlock() could not contact remote: %d\n", status);
682 return -1;
683 }
684 int32_t err = reply.readExceptionCode();
685 int32_t ret = reply.readInt32();
686 if (err < 0) {
687 ALOGD("unlock() caught exception %d\n", err);
688 return -1;
689 }
690 return ret;
691 }
692
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]693 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]694 {
695 Parcel data, reply;
696 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]697 data.writeInt32(userId);
698 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]699 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]700 ALOGD("isEmpty() could not contact remote: %d\n", status);
701 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]702 }
703 int32_t err = reply.readExceptionCode();
704 int32_t ret = reply.readInt32();
705 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]706 ALOGD("isEmpty() caught exception %d\n", err);
707 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]708 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]709 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]710 }
711
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]712 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
713 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]714 {
715 Parcel data, reply;
716 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
717 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]718 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]719 data.writeInt32(keyType);
720 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]721 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]722 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]723 data.writeInt32(args->size());
724 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
725 sp<KeystoreArg> item = *it;
726 size_t keyLength = item->size();
727 data.writeInt32(keyLength);
728 void* buf = data.writeInplace(keyLength);
729 memcpy(buf, item->data(), keyLength);
730 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]731 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
732 if (status != NO_ERROR) {
733 ALOGD("generate() could not contact remote: %d\n", status);
734 return -1;
735 }
736 int32_t err = reply.readExceptionCode();
737 int32_t ret = reply.readInt32();
738 if (err < 0) {
739 ALOGD("generate() caught exception %d\n", err);
740 return -1;
741 }
742 return ret;
743 }
744
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]745 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
746 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]747 {
748 Parcel data, reply;
749 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
750 data.writeString16(name);
751 data.writeInt32(keyLength);
752 void* buf = data.writeInplace(keyLength);
753 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]754 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]755 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]756 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
757 if (status != NO_ERROR) {
758 ALOGD("import() could not contact remote: %d\n", status);
759 return -1;
760 }
761 int32_t err = reply.readExceptionCode();
762 int32_t ret = reply.readInt32();
763 if (err < 0) {
764 ALOGD("import() caught exception %d\n", err);
765 return -1;
766 }
767 return ret;
768 }
769
770 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
771 size_t* outLength)
772 {
773 Parcel data, reply;
774 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
775 data.writeString16(name);
776 data.writeInt32(inLength);
777 void* buf = data.writeInplace(inLength);
778 memcpy(buf, in, inLength);
779 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
780 if (status != NO_ERROR) {
781 ALOGD("import() could not contact remote: %d\n", status);
782 return -1;
783 }
784 int32_t err = reply.readExceptionCode();
785 ssize_t len = reply.readInt32();
786 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
787 size_t ulen = (size_t) len;
788 const void* outBuf = reply.readInplace(ulen);
789 *out = (uint8_t*) malloc(ulen);
790 if (*out != NULL) {
791 memcpy((void*) *out, outBuf, ulen);
792 *outLength = ulen;
793 } else {
794 ALOGE("out of memory allocating output array in sign");
795 *outLength = 0;
796 }
797 } else {
798 *outLength = 0;
799 }
800 if (err < 0) {
801 ALOGD("import() caught exception %d\n", err);
802 return -1;
803 }
804 return 0;
805 }
806
807 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
808 const uint8_t* signature, size_t signatureLength)
809 {
810 Parcel data, reply;
811 void* buf;
812
813 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
814 data.writeString16(name);
815 data.writeInt32(inLength);
816 buf = data.writeInplace(inLength);
817 memcpy(buf, in, inLength);
818 data.writeInt32(signatureLength);
819 buf = data.writeInplace(signatureLength);
820 memcpy(buf, signature, signatureLength);
821 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
822 if (status != NO_ERROR) {
823 ALOGD("verify() could not contact remote: %d\n", status);
824 return -1;
825 }
826 int32_t err = reply.readExceptionCode();
827 int32_t ret = reply.readInt32();
828 if (err < 0) {
829 ALOGD("verify() caught exception %d\n", err);
830 return -1;
831 }
832 return ret;
833 }
834
835 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
836 {
837 Parcel data, reply;
838 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
839 data.writeString16(name);
840 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
841 if (status != NO_ERROR) {
842 ALOGD("get_pubkey() could not contact remote: %d\n", status);
843 return -1;
844 }
845 int32_t err = reply.readExceptionCode();
846 ssize_t len = reply.readInt32();
847 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
848 size_t ulen = (size_t) len;
849 const void* buf = reply.readInplace(ulen);
850 *pubkey = (uint8_t*) malloc(ulen);
851 if (*pubkey != NULL) {
852 memcpy(*pubkey, buf, ulen);
853 *pubkeyLength = ulen;
854 } else {
855 ALOGE("out of memory allocating output array in get_pubkey");
856 *pubkeyLength = 0;
857 }
858 } else {
859 *pubkeyLength = 0;
860 }
861 if (err < 0) {
862 ALOGD("get_pubkey() caught exception %d\n", err);
863 return -1;
864 }
865 return 0;
866 }
867
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]868 virtual int32_t grant(const String16& name, int32_t granteeUid)
869 {
870 Parcel data, reply;
871 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
872 data.writeString16(name);
873 data.writeInt32(granteeUid);
874 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
875 if (status != NO_ERROR) {
876 ALOGD("grant() could not contact remote: %d\n", status);
877 return -1;
878 }
879 int32_t err = reply.readExceptionCode();
880 int32_t ret = reply.readInt32();
881 if (err < 0) {
882 ALOGD("grant() caught exception %d\n", err);
883 return -1;
884 }
885 return ret;
886 }
887
888 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
889 {
890 Parcel data, reply;
891 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
892 data.writeString16(name);
893 data.writeInt32(granteeUid);
894 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
895 if (status != NO_ERROR) {
896 ALOGD("ungrant() could not contact remote: %d\n", status);
897 return -1;
898 }
899 int32_t err = reply.readExceptionCode();
900 int32_t ret = reply.readInt32();
901 if (err < 0) {
902 ALOGD("ungrant() caught exception %d\n", err);
903 return -1;
904 }
905 return ret;
906 }
907
908 int64_t getmtime(const String16& name)
909 {
910 Parcel data, reply;
911 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
912 data.writeString16(name);
913 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
914 if (status != NO_ERROR) {
915 ALOGD("getmtime() could not contact remote: %d\n", status);
916 return -1;
917 }
918 int32_t err = reply.readExceptionCode();
919 int64_t ret = reply.readInt64();
920 if (err < 0) {
921 ALOGD("getmtime() caught exception %d\n", err);
922 return -1;
923 }
924 return ret;
925 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]926
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]927 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
928 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]929 {
930 Parcel data, reply;
931 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]932 data.writeString16(srcKey);
933 data.writeInt32(srcUid);
934 data.writeString16(destKey);
935 data.writeInt32(destUid);
936 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]937 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]938 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]939 return -1;
940 }
941 int32_t err = reply.readExceptionCode();
942 int32_t ret = reply.readInt32();
943 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]944 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]945 return -1;
946 }
947 return ret;
948 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]949
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]950 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]951 {
952 Parcel data, reply;
953 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]954 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]955 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
956 if (status != NO_ERROR) {
957 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
958 return -1;
959 }
960 int32_t err = reply.readExceptionCode();
961 int32_t ret = reply.readInt32();
962 if (err < 0) {
963 ALOGD("is_hardware_backed() caught exception %d\n", err);
964 return -1;
965 }
966 return ret;
967 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]968
969 virtual int32_t clear_uid(int64_t uid)
970 {
971 Parcel data, reply;
972 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
973 data.writeInt64(uid);
974 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
975 if (status != NO_ERROR) {
976 ALOGD("clear_uid() could not contact remote: %d\n", status);
977 return -1;
978 }
979 int32_t err = reply.readExceptionCode();
980 int32_t ret = reply.readInt32();
981 if (err < 0) {
982 ALOGD("clear_uid() caught exception %d\n", err);
983 return -1;
984 }
985 return ret;
986 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]987
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]988 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
989 {
990 Parcel data, reply;
991 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]992 data.writeByteArray(bufLength, buf);
993 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
994 if (status != NO_ERROR) {
995 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
996 return -1;
997 }
998 int32_t err = reply.readExceptionCode();
999 int32_t ret = reply.readInt32();
1000 if (err < 0) {
1001 ALOGD("addRngEntropy() caught exception %d\n", err);
1002 return -1;
1003 }
1004 return ret;
1005 };
1006
1007 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1008 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1009 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1010 {
1011 Parcel data, reply;
1012 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1013 data.writeString16(name);
1014 data.writeInt32(1);
1015 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1016 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1017 data.writeInt32(uid);
1018 data.writeInt32(flags);
1019 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1020 if (status != NO_ERROR) {
1021 ALOGD("generateKey() could not contact remote: %d\n", status);
1022 return KM_ERROR_UNKNOWN_ERROR;
1023 }
1024 int32_t err = reply.readExceptionCode();
1025 int32_t ret = reply.readInt32();
1026 if (err < 0) {
1027 ALOGD("generateKey() caught exception %d\n", err);
1028 return KM_ERROR_UNKNOWN_ERROR;
1029 }
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]1030 if (outCharacteristics) {
1031 reply.readParcelable(outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1032 }
1033 return ret;
1034 }
1035 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1036 const keymaster_blob_t* clientId,
1037 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1038 KeyCharacteristics* outCharacteristics)
1039 {
1040 Parcel data, reply;
1041 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1042 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1043 if (clientId) {
1044 data.writeByteArray(clientId->data_length, clientId->data);
1045 } else {
1046 data.writeInt32(-1);
1047 }
1048 if (appData) {
1049 data.writeByteArray(appData->data_length, appData->data);
1050 } else {
1051 data.writeInt32(-1);
1052 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1053 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1054 data, &reply);
1055 if (status != NO_ERROR) {
1056 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1057 return KM_ERROR_UNKNOWN_ERROR;
1058 }
1059 int32_t err = reply.readExceptionCode();
1060 int32_t ret = reply.readInt32();
1061 if (err < 0) {
1062 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1063 return KM_ERROR_UNKNOWN_ERROR;
1064 }
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]1065 if (outCharacteristics) {
1066 reply.readParcelable(outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1067 }
1068 return ret;
1069 }
1070 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1071 keymaster_key_format_t format, const uint8_t *keyData,
1072 size_t keyLength, int uid, int flags,
1073 KeyCharacteristics* outCharacteristics)
1074 {
1075 Parcel data, reply;
1076 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1077 data.writeString16(name);
1078 data.writeInt32(1);
1079 params.writeToParcel(&data);
1080 data.writeInt32(format);
1081 data.writeByteArray(keyLength, keyData);
1082 data.writeInt32(uid);
1083 data.writeInt32(flags);
1084 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1085 if (status != NO_ERROR) {
1086 ALOGD("importKey() could not contact remote: %d\n", status);
1087 return KM_ERROR_UNKNOWN_ERROR;
1088 }
1089 int32_t err = reply.readExceptionCode();
1090 int32_t ret = reply.readInt32();
1091 if (err < 0) {
1092 ALOGD("importKey() caught exception %d\n", err);
1093 return KM_ERROR_UNKNOWN_ERROR;
1094 }
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]1095 if (outCharacteristics) {
1096 reply.readParcelable(outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1097 }
1098 return ret;
1099 }
1100
1101 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1102 const keymaster_blob_t* clientId,
1103 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1104 {
1105 if (!result) {
1106 return;
1107 }
1108
1109 Parcel data, reply;
1110 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1111 data.writeString16(name);
1112 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1113 if (clientId) {
1114 data.writeByteArray(clientId->data_length, clientId->data);
1115 } else {
1116 data.writeInt32(-1);
1117 }
1118 if (appData) {
1119 data.writeByteArray(appData->data_length, appData->data);
1120 } else {
1121 data.writeInt32(-1);
1122 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1123 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1124 if (status != NO_ERROR) {
1125 ALOGD("exportKey() could not contact remote: %d\n", status);
1126 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1127 return;
1128 }
1129 int32_t err = reply.readExceptionCode();
1130 if (err < 0) {
1131 ALOGD("exportKey() caught exception %d\n", err);
1132 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1133 return;
1134 }
Bin Chen96d62712016-08-25 14:41:53 +1000[diff] [blame]1135
1136 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1137 }
1138
1139 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1140 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1141 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1142 size_t entropyLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1143 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1144 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1145 return;
1146 }
1147 Parcel data, reply;
1148 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1149 data.writeStrongBinder(appToken);
1150 data.writeString16(name);
1151 data.writeInt32(purpose);
1152 data.writeInt32(pruneable ? 1 : 0);
1153 data.writeInt32(1);
1154 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1155 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1156 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1157 if (status != NO_ERROR) {
1158 ALOGD("begin() could not contact remote: %d\n", status);
1159 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1160 return;
1161 }
1162 int32_t err = reply.readExceptionCode();
1163 if (err < 0) {
1164 ALOGD("begin() caught exception %d\n", err);
1165 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1166 return;
1167 }
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]1168
1169 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1170 }
1171
1172 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1173 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1174 {
1175 if (!result) {
1176 return;
1177 }
1178 Parcel data, reply;
1179 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1180 data.writeStrongBinder(token);
1181 data.writeInt32(1);
1182 params.writeToParcel(&data);
1183 data.writeByteArray(dataLength, opData);
1184 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1185 if (status != NO_ERROR) {
1186 ALOGD("update() could not contact remote: %d\n", status);
1187 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1188 return;
1189 }
1190 int32_t err = reply.readExceptionCode();
1191 if (err < 0) {
1192 ALOGD("update() caught exception %d\n", err);
1193 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1194 return;
1195 }
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]1196
1197 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1198 }
1199
1200 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1201 const uint8_t* signature, size_t signatureLength,
1202 const uint8_t* entropy, size_t entropyLength,
1203 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1204 {
1205 if (!result) {
1206 return;
1207 }
1208 Parcel data, reply;
1209 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1210 data.writeStrongBinder(token);
1211 data.writeInt32(1);
1212 params.writeToParcel(&data);
1213 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1214 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1215 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1216 if (status != NO_ERROR) {
1217 ALOGD("finish() could not contact remote: %d\n", status);
1218 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1219 return;
1220 }
1221 int32_t err = reply.readExceptionCode();
1222 if (err < 0) {
1223 ALOGD("finish() caught exception %d\n", err);
1224 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1225 return;
1226 }
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]1227
1228 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1229 }
1230
1231 virtual int32_t abort(const sp<IBinder>& token)
1232 {
1233 Parcel data, reply;
1234 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1235 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1236 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1237 if (status != NO_ERROR) {
1238 ALOGD("abort() could not contact remote: %d\n", status);
1239 return KM_ERROR_UNKNOWN_ERROR;
1240 }
1241 int32_t err = reply.readExceptionCode();
1242 int32_t ret = reply.readInt32();
1243 if (err < 0) {
1244 ALOGD("abort() caught exception %d\n", err);
1245 return KM_ERROR_UNKNOWN_ERROR;
1246 }
1247 return ret;
1248 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1249
1250 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1251 {
1252 Parcel data, reply;
1253 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1254 data.writeStrongBinder(token);
1255 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1256 &reply);
1257 if (status != NO_ERROR) {
1258 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1259 return false;
1260 }
1261 int32_t err = reply.readExceptionCode();
1262 int32_t ret = reply.readInt32();
1263 if (err < 0) {
1264 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1265 return false;
1266 }
1267 return ret == 1;
1268 }
1269
1270 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1271 {
1272 Parcel data, reply;
1273 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1274 data.writeByteArray(length, token);
1275 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1276 if (status != NO_ERROR) {
1277 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1278 return -1;
1279 }
1280 int32_t err = reply.readExceptionCode();
1281 int32_t ret = reply.readInt32();
1282 if (err < 0) {
1283 ALOGD("addAuthToken() caught exception %d\n", err);
1284 return -1;
1285 }
1286 return ret;
1287 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1288
1289 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1290 {
1291 Parcel data, reply;
1292 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1293 data.writeInt32(userId);
1294 data.writeInt32(parentId);
1295 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1296 if (status != NO_ERROR) {
1297 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1298 return -1;
1299 }
1300 int32_t err = reply.readExceptionCode();
1301 int32_t ret = reply.readInt32();
1302 if (err < 0) {
1303 ALOGD("onUserAdded() caught exception %d\n", err);
1304 return -1;
1305 }
1306 return ret;
1307 }
1308
1309 virtual int32_t onUserRemoved(int32_t userId)
1310 {
1311 Parcel data, reply;
1312 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1313 data.writeInt32(userId);
1314 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1315 if (status != NO_ERROR) {
1316 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1317 return -1;
1318 }
1319 int32_t err = reply.readExceptionCode();
1320 int32_t ret = reply.readInt32();
1321 if (err < 0) {
1322 ALOGD("onUserRemoved() caught exception %d\n", err);
1323 return -1;
1324 }
1325 return ret;
1326 }
1327
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1328 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params,
1329 KeymasterCertificateChain* outChain) {
1330 if (!outChain)
1331 return KM_ERROR_OUTPUT_PARAMETER_NULL;
1332
1333 Parcel data, reply;
1334 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1335 data.writeString16(name);
1336 data.writeInt32(1); // params is not NULL.
1337 params.writeToParcel(&data);
1338
1339 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
1340 if (status != NO_ERROR) {
1341 ALOGD("attestkey() count not contact remote: %d\n", status);
1342 return KM_ERROR_UNKNOWN_ERROR;
1343 }
1344 int32_t err = reply.readExceptionCode();
1345 int32_t ret = reply.readInt32();
1346 if (err < 0) {
1347 ALOGD("attestKey() caught exception %d\n", err);
1348 return KM_ERROR_UNKNOWN_ERROR;
1349 }
1350 if (reply.readInt32() != 0) {
1351 outChain->readFromParcel(reply);
1352 }
1353 return ret;
1354 }
1355
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1356};
1357
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1358IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1359
1360// ----------------------------------------------------------------------
1361
1362status_t BnKeystoreService::onTransact(
1363 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1364{
1365 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1366 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1367 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1368 int32_t userId = data.readInt32();
1369 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1370 reply->writeNoException();
1371 reply->writeInt32(ret);
1372 return NO_ERROR;
1373 } break;
1374 case GET: {
1375 CHECK_INTERFACE(IKeystoreService, data, reply);
1376 String16 name = data.readString16();
1377 void* out = NULL;
1378 size_t outSize = 0;
1379 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1380 reply->writeNoException();
1381 if (ret == 1) {
1382 reply->writeInt32(outSize);
1383 void* buf = reply->writeInplace(outSize);
1384 memcpy(buf, out, outSize);
1385 free(out);
1386 } else {
1387 reply->writeInt32(-1);
1388 }
1389 return NO_ERROR;
1390 } break;
1391 case INSERT: {
1392 CHECK_INTERFACE(IKeystoreService, data, reply);
1393 String16 name = data.readString16();
1394 ssize_t inSize = data.readInt32();
1395 const void* in;
1396 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1397 in = data.readInplace(inSize);
1398 } else {
1399 in = NULL;
1400 inSize = 0;
1401 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1402 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1403 int32_t flags = data.readInt32();
1404 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1405 reply->writeNoException();
1406 reply->writeInt32(ret);
1407 return NO_ERROR;
1408 } break;
1409 case DEL: {
1410 CHECK_INTERFACE(IKeystoreService, data, reply);
1411 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1412 int uid = data.readInt32();
1413 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1414 reply->writeNoException();
1415 reply->writeInt32(ret);
1416 return NO_ERROR;
1417 } break;
1418 case EXIST: {
1419 CHECK_INTERFACE(IKeystoreService, data, reply);
1420 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1421 int uid = data.readInt32();
1422 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1423 reply->writeNoException();
1424 reply->writeInt32(ret);
1425 return NO_ERROR;
1426 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1427 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1428 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1429 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1430 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1431 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1432 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1433 reply->writeNoException();
1434 reply->writeInt32(matches.size());
1435 Vector<String16>::const_iterator it = matches.begin();
1436 for (; it != matches.end(); ++it) {
1437 reply->writeString16(*it);
1438 }
1439 reply->writeInt32(ret);
1440 return NO_ERROR;
1441 } break;
1442 case RESET: {
1443 CHECK_INTERFACE(IKeystoreService, data, reply);
1444 int32_t ret = reset();
1445 reply->writeNoException();
1446 reply->writeInt32(ret);
1447 return NO_ERROR;
1448 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1449 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1450 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1451 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1452 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1453 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1454 reply->writeNoException();
1455 reply->writeInt32(ret);
1456 return NO_ERROR;
1457 } break;
1458 case LOCK: {
1459 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1460 int32_t userId = data.readInt32();
1461 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1462 reply->writeNoException();
1463 reply->writeInt32(ret);
1464 return NO_ERROR;
1465 } break;
1466 case UNLOCK: {
1467 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1468 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1469 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1470 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1471 reply->writeNoException();
1472 reply->writeInt32(ret);
1473 return NO_ERROR;
1474 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1475 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1476 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1477 int32_t userId = data.readInt32();
1478 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1479 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1480 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1481 return NO_ERROR;
1482 } break;
1483 case GENERATE: {
1484 CHECK_INTERFACE(IKeystoreService, data, reply);
1485 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1486 int32_t uid = data.readInt32();
1487 int32_t keyType = data.readInt32();
1488 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1489 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1490 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1491 int32_t argsPresent = data.readInt32();
1492 if (argsPresent == 1) {
1493 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1494 if (numArgs > MAX_GENERATE_ARGS) {
1495 return BAD_VALUE;
1496 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1497 if (numArgs > 0) {
1498 for (size_t i = 0; i < (size_t) numArgs; i++) {
1499 ssize_t inSize = data.readInt32();
1500 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1501 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1502 inSize);
1503 args.push_back(arg);
1504 } else {
1505 args.push_back(NULL);
1506 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1507 }
1508 }
1509 }
1510 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1511 reply->writeNoException();
1512 reply->writeInt32(ret);
1513 return NO_ERROR;
1514 } break;
1515 case IMPORT: {
1516 CHECK_INTERFACE(IKeystoreService, data, reply);
1517 String16 name = data.readString16();
1518 ssize_t inSize = data.readInt32();
1519 const void* in;
1520 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1521 in = data.readInplace(inSize);
1522 } else {
1523 in = NULL;
1524 inSize = 0;
1525 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1526 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1527 int32_t flags = data.readInt32();
1528 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1529 reply->writeNoException();
1530 reply->writeInt32(ret);
1531 return NO_ERROR;
1532 } break;
1533 case SIGN: {
1534 CHECK_INTERFACE(IKeystoreService, data, reply);
1535 String16 name = data.readString16();
1536 ssize_t inSize = data.readInt32();
1537 const void* in;
1538 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1539 in = data.readInplace(inSize);
1540 } else {
1541 in = NULL;
1542 inSize = 0;
1543 }
1544 void* out = NULL;
1545 size_t outSize = 0;
1546 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1547 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1548 if (outSize > 0 && out != NULL) {
1549 reply->writeInt32(outSize);
1550 void* buf = reply->writeInplace(outSize);
1551 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1552 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1553 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1554 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1555 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1556 reply->writeInt32(ret);
1557 return NO_ERROR;
1558 } break;
1559 case VERIFY: {
1560 CHECK_INTERFACE(IKeystoreService, data, reply);
1561 String16 name = data.readString16();
1562 ssize_t inSize = data.readInt32();
1563 const void* in;
1564 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1565 in = data.readInplace(inSize);
1566 } else {
1567 in = NULL;
1568 inSize = 0;
1569 }
1570 ssize_t sigSize = data.readInt32();
1571 const void* sig;
1572 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1573 sig = data.readInplace(sigSize);
1574 } else {
1575 sig = NULL;
1576 sigSize = 0;
1577 }
1578 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1579 (size_t) sigSize);
1580 reply->writeNoException();
1581 reply->writeInt32(ret ? 1 : 0);
1582 return NO_ERROR;
1583 } break;
1584 case GET_PUBKEY: {
1585 CHECK_INTERFACE(IKeystoreService, data, reply);
1586 String16 name = data.readString16();
1587 void* out = NULL;
1588 size_t outSize = 0;
1589 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1590 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1591 if (outSize > 0 && out != NULL) {
1592 reply->writeInt32(outSize);
1593 void* buf = reply->writeInplace(outSize);
1594 memcpy(buf, out, outSize);
1595 free(out);
1596 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1597 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1598 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1599 reply->writeInt32(ret);
1600 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1601 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1602 case GRANT: {
1603 CHECK_INTERFACE(IKeystoreService, data, reply);
1604 String16 name = data.readString16();
1605 int32_t granteeUid = data.readInt32();
1606 int32_t ret = grant(name, granteeUid);
1607 reply->writeNoException();
1608 reply->writeInt32(ret);
1609 return NO_ERROR;
1610 } break;
1611 case UNGRANT: {
1612 CHECK_INTERFACE(IKeystoreService, data, reply);
1613 String16 name = data.readString16();
1614 int32_t granteeUid = data.readInt32();
1615 int32_t ret = ungrant(name, granteeUid);
1616 reply->writeNoException();
1617 reply->writeInt32(ret);
1618 return NO_ERROR;
1619 } break;
1620 case GETMTIME: {
1621 CHECK_INTERFACE(IKeystoreService, data, reply);
1622 String16 name = data.readString16();
1623 int64_t ret = getmtime(name);
1624 reply->writeNoException();
1625 reply->writeInt64(ret);
1626 return NO_ERROR;
1627 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1628 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1629 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1630 String16 srcKey = data.readString16();
1631 int32_t srcUid = data.readInt32();
1632 String16 destKey = data.readString16();
1633 int32_t destUid = data.readInt32();
1634 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1635 reply->writeNoException();
1636 reply->writeInt32(ret);
1637 return NO_ERROR;
1638 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1639 case IS_HARDWARE_BACKED: {
1640 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1641 String16 keyType = data.readString16();
1642 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1643 reply->writeNoException();
1644 reply->writeInt32(ret);
1645 return NO_ERROR;
1646 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1647 case CLEAR_UID: {
1648 CHECK_INTERFACE(IKeystoreService, data, reply);
1649 int64_t uid = data.readInt64();
1650 int32_t ret = clear_uid(uid);
1651 reply->writeNoException();
1652 reply->writeInt32(ret);
1653 return NO_ERROR;
1654 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1655 case ADD_RNG_ENTROPY: {
1656 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1657 const uint8_t* bytes = NULL;
1658 size_t size = 0;
1659 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1660 int32_t ret = addRngEntropy(bytes, size);
1661 reply->writeNoException();
1662 reply->writeInt32(ret);
1663 return NO_ERROR;
1664 }
1665 case GENERATE_KEY: {
1666 CHECK_INTERFACE(IKeystoreService, data, reply);
1667 String16 name = data.readString16();
1668 KeymasterArguments args;
1669 if (data.readInt32() != 0) {
1670 args.readFromParcel(data);
1671 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1672 const uint8_t* entropy = NULL;
1673 size_t entropyLength = 0;
1674 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1675 int32_t uid = data.readInt32();
1676 int32_t flags = data.readInt32();
1677 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1678 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1679 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1680 reply->writeNoException();
1681 reply->writeInt32(ret);
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]1682 reply->writeParcelable(outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1683 return NO_ERROR;
1684 }
1685 case GET_KEY_CHARACTERISTICS: {
1686 CHECK_INTERFACE(IKeystoreService, data, reply);
1687 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1688 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1689 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1690 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1691 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1692 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1693 reply->writeNoException();
1694 reply->writeInt32(ret);
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]1695 reply->writeParcelable(outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1696 return NO_ERROR;
1697 }
1698 case IMPORT_KEY: {
1699 CHECK_INTERFACE(IKeystoreService, data, reply);
1700 String16 name = data.readString16();
1701 KeymasterArguments args;
1702 if (data.readInt32() != 0) {
1703 args.readFromParcel(data);
1704 }
1705 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1706 const uint8_t* keyData = NULL;
1707 size_t keyLength = 0;
1708 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1709 int32_t uid = data.readInt32();
1710 int32_t flags = data.readInt32();
1711 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1712 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1713 &outCharacteristics);
1714 reply->writeNoException();
1715 reply->writeInt32(ret);
Bin Chen863f16f2016-08-25 15:13:51 +1000[diff] [blame^]1716 reply->writeParcelable(outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1717 return NO_ERROR;
1718 }
1719 case EXPORT_KEY: {
1720 CHECK_INTERFACE(IKeystoreService, data, reply);
1721 String16 name = data.readString16();
1722 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1723 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1724 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1725 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1726 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1727 reply->writeNoException();
Bin Chen96d62712016-08-25 14:41:53 +1000[diff] [blame]1728 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1729
1730 return NO_ERROR;
1731 }
1732 case BEGIN: {
1733 CHECK_INTERFACE(IKeystoreService, data, reply);
1734 sp<IBinder> token = data.readStrongBinder();
1735 String16 name = data.readString16();
1736 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1737 bool pruneable = data.readInt32() != 0;
1738 KeymasterArguments args;
1739 if (data.readInt32() != 0) {
1740 args.readFromParcel(data);
1741 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1742 const uint8_t* entropy = NULL;
1743 size_t entropyLength = 0;
1744 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1745 OperationResult result;
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1746 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1747 reply->writeNoException();
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]1748 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1749
1750 return NO_ERROR;
1751 }
1752 case UPDATE: {
1753 CHECK_INTERFACE(IKeystoreService, data, reply);
1754 sp<IBinder> token = data.readStrongBinder();
1755 KeymasterArguments args;
1756 if (data.readInt32() != 0) {
1757 args.readFromParcel(data);
1758 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1759 const uint8_t* buf = NULL;
1760 size_t bufLength = 0;
1761 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1762 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1763 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1764 reply->writeNoException();
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]1765 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1766
1767 return NO_ERROR;
1768 }
1769 case FINISH: {
1770 CHECK_INTERFACE(IKeystoreService, data, reply);
1771 sp<IBinder> token = data.readStrongBinder();
1772 KeymasterArguments args;
1773 if (data.readInt32() != 0) {
1774 args.readFromParcel(data);
1775 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1776 const uint8_t* signature = NULL;
1777 size_t signatureLength = 0;
1778 readByteArray(data, &signature, &signatureLength);
1779 const uint8_t* entropy = NULL;
1780 size_t entropyLength = 0;
1781 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1782 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1783 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1784 reply->writeNoException();
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame]1785 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1786
1787 return NO_ERROR;
1788 }
1789 case ABORT: {
1790 CHECK_INTERFACE(IKeystoreService, data, reply);
1791 sp<IBinder> token = data.readStrongBinder();
1792 int32_t result = abort(token);
1793 reply->writeNoException();
1794 reply->writeInt32(result);
1795
1796 return NO_ERROR;
1797 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1798 case IS_OPERATION_AUTHORIZED: {
1799 CHECK_INTERFACE(IKeystoreService, data, reply);
1800 sp<IBinder> token = data.readStrongBinder();
1801 bool result = isOperationAuthorized(token);
1802 reply->writeNoException();
1803 reply->writeInt32(result ? 1 : 0);
1804
1805 return NO_ERROR;
1806 }
1807 case ADD_AUTH_TOKEN: {
1808 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1809 const uint8_t* token_bytes = NULL;
1810 size_t size = 0;
1811 readByteArray(data, &token_bytes, &size);
1812 int32_t result = addAuthToken(token_bytes, size);
1813 reply->writeNoException();
1814 reply->writeInt32(result);
1815
1816 return NO_ERROR;
1817 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1818 case ON_USER_ADDED: {
1819 CHECK_INTERFACE(IKeystoreService, data, reply);
1820 int32_t userId = data.readInt32();
1821 int32_t parentId = data.readInt32();
1822 int32_t result = onUserAdded(userId, parentId);
1823 reply->writeNoException();
1824 reply->writeInt32(result);
1825
1826 return NO_ERROR;
1827 }
1828 case ON_USER_REMOVED: {
1829 CHECK_INTERFACE(IKeystoreService, data, reply);
1830 int32_t userId = data.readInt32();
1831 int32_t result = onUserRemoved(userId);
1832 reply->writeNoException();
1833 reply->writeInt32(result);
1834
1835 return NO_ERROR;
1836 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1837 default:
1838 return BBinder::onTransact(code, data, reply, flags);
1839 }
1840}
1841
1842// ----------------------------------------------------------------------------
1843
1844}; // namespace android